{"id":"CVE-2019-20838","details":"libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \\X or \\R has more than one fixed quantifier, a related issue to CVE-2019-20454.","modified":"2026-03-15T22:28:10.097822Z","published":"2020-06-15T17:15:09.683Z","related":["ALSA-2021:4373","SUSE-SU-2021:3529-1","SUSE-SU-2021:3652-1","openSUSE-SU-2021:1441-1","openSUSE-SU-2021:3529-1"],"references":[{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2020/Dec/32"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2021/Feb/14"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"},{"type":"ADVISORY","url":"https://support.apple.com/kb/HT211931"},{"type":"ADVISORY","url":"https://support.apple.com/kb/HT212147"},{"type":"ADVISORY","url":"https://www.pcre.org/original/changelog.txt"},{"type":"FIX","url":"https://bugs.gentoo.org/717920"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"8.43"}]},{"events":[{"introduced":"0"},{"fixed":"11.0.1"}]},{"events":[{"introduced":"8.2.0"},{"fixed":"8.2.12"}]},{"events":[{"introduced":"9.0.0"},{"fixed":"9.0.6"}]},{"events":[{"introduced":"0"},{"last_affected":"9.1.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-20838.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}